Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Got E3002 error in 1.9.0 version, #3542

Closed
dengmingtong opened this issue Jul 30, 2024 · 3 comments
Closed

Got E3002 error in 1.9.0 version, #3542

dengmingtong opened this issue Jul 30, 2024 · 3 comments

Comments

@dengmingtong
Copy link

CloudFormation Lint Version

1.9.0

What operating system are you using?

Mac

Describe the bug

When I upgrade cfn-lint to version 1.9.0, got below error:

E3002 When using an ECS task definition of host port 0 and associating that container to an ELB the target group has to have a 'HealthCheckPort' of 'traffic-port'
cdk.out/MyTestIngestionServerC0000BCCECD80.nested.template.json:1768:5

We don't think this is an error, and according to

cfn-lint/docs/rules.md

Line 101 in 63cadf4

| [E3002<a name="E3002"></a>](../src/cfnlint/rules/resources/properties/Properties.py) | Resource properties are invalid | Making sure that resources properties are properly configured | | [Source](https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#properties) | `resources` |

The E3002 should be another error.

Expected behavior

Expect there is no error for cfn-lint v1.9.0

Reproduction template

{
...
  "IngestionServerclickstreamingestionservicealbListenerECSGroup46B223E2": {
   "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
   "Properties": {
    "HealthCheckEnabled": true,
    "HealthCheckIntervalSeconds": 10,
    "HealthCheckPath": "/health",
    "HealthCheckPort": "8088",
    "HealthCheckProtocol": "HTTP",
    "HealthCheckTimeoutSeconds": 6,
    "HealthyThresholdCount": 2,
    "Port": 8088,
    "Protocol": "HTTP",
    "TargetGroupAttributes": [
     {
      "Key": "stickiness.enabled",
      "Value": "false"
     }
    ],
...
}
@kddejong
Copy link
Contributor

This rule is triggered from an AWS::ECS::Service and associated AWS::ECS::TaskDefinition. Can you provide the relevant parts of those resources too?

@kddejong kddejong mentioned this issue Jul 30, 2024
Merged
@dengmingtong
Copy link
Author

"IngestionServerclickstreamingestionserviceecstaskdef5E69A80A": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"ContainerDefinitions": [
{
"Cpu": 256,
"Environment": [
{
"Name": "NGINX_WORKER_CONNECTIONS",
"Value": "1024"
},
{
"Name": "SERVER_ENDPOINT_PATH",
"Value": {
"Ref": "referencetoMyTestServerEndpointPathA8D9F825Ref"
}
},
{
"Name": "PING_ENDPOINT_PATH",
"Value": "/ping"
},
{
"Name": "SERVER_CORS_ORIGIN",
"Value": {
"Ref": "referencetoMyTestServerCorsOrigin76E61FDCRef"
}
},
{
"Name": "AWS_REGION",
"Value": {
"Ref": "AWS::Region"
}
}
],
"Essential": true,
"Image": {
"Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:176b933c13981a68fdcdaacf1c02eb96ff6644bae4996c79cef8317d90f724e2"
},
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-group": {
"Ref": "IngestionServerproxylogAAED240F"
},
"awslogs-stream-prefix": "proxy",
"awslogs-region": {
"Ref": "AWS::Region"
}
}
},
"MemoryReservation": 900,
"Name": "proxy",
"PortMappings": [
{
"ContainerPort": 8088,
"Protocol": "tcp"
}
]
},
{
"Cpu": 1792,
"Environment": [
{
"Name": "AWS_REGION",
"Value": {
"Ref": "AWS::Region"
}
},
{
"Name": "AWS_MSK_BROKERS",
"Value": "NOT_SET"
},
{
"Name": "AWS_MSK_TOPIC",
"Value": "NOT_SET"
},
{
"Name": "AWS_S3_BUCKET",
"Value": {
"Ref": "referencetoMyTestS3DataBucketEE7953A1Ref"
}
},
{
"Name": "AWS_S3_PREFIX",
"Value": {
"Ref": "referencetoMyTestS3DataPrefix00332684Ref"
}
},
{
"Name": "DEV_MODE",
"Value": {
"Ref": "referencetoMyTestDevMode58A1BD65Ref"
}
},
{
"Name": "S3_BATCH_MAX_BYTES",
"Value": {
"Ref": "referencetoMyTestS3BatchMaxBytes6130DCB2Ref"
}
},
{
"Name": "S3_BATCH_TIMEOUT_SECS",
"Value": {
"Ref": "referencetoMyTestS3BatchTimeout9585B8F8Ref"
}
},
{
"Name": "AWS_KINESIS_STREAM_NAME",
"Value": "NOT_SET"
},
{
"Name": "STREAM_ACK_ENABLE",
"Value": "true"
},
{
"Name": "WORKER_THREADS_NUM",
"Value": "6"
}
],
"Essential": true,
"Image": {
"Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:4c025482bf4cfcedc65cb6486870dc9aa9f3328d84f7c7c9d892271b03225b12"
},
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-group": {
"Ref": "IngestionServerworkerlog35CECF3A"
},
"awslogs-stream-prefix": "worker",
"awslogs-region": {
"Ref": "AWS::Region"
}
}
},
"MemoryReservation": 900,
"Name": "worker",
"PortMappings": [
{
"ContainerPort": 8685,
"Protocol": "tcp"
},
{
"ContainerPort": 8686,
"Protocol": "tcp"
}
],
"StopTimeout": {
"Ref": "referencetoMyTestWorkerStopTimeout8B57DC12Ref"
}
}
],
"ExecutionRoleArn": {
"Fn::GetAtt": [
"IngestionServerclickstreamingestionserviceecstaskdefExecutionRole1D7B080E",
"Arn"
]
},
"Family": "MyTestIngestionServerC0000IngestionServerclickstreamingestionserviceecstaskdefF8F3E8BB",
"NetworkMode": "awsvpc",
"RequiresCompatibilities": [
"EC2"
],
"TaskRoleArn": {
"Fn::GetAtt": [
"IngestionServerclickstreamingestionserviceecstaskdefTaskRole3FCE5FCB",
"Arn"
]
}
},
"Metadata": {
"aws:cdk:path": "MyTest/IngestionServerC0000/IngestionServer/clickstream-ingestion-service-ecs-task-def/Resource"
}
},

AWS::ECS::Service
"IngestionServerclickstreamingestionserviceecsserviceServiceB3B48083": {
"Type": "AWS::ECS::Service",
"Properties": {
"CapacityProviderStrategy": [
{
"CapacityProvider": {
"Ref": "IngestionServerclickstreamingestionserviceecscapacityprovider8FF654A6"
},
"Weight": 1
}
],
"Cluster": {
"Ref": "IngestionServerclickstreamingestionserviceecscluster02FAD1F6"
},
"DeploymentConfiguration": {
"Alarms": {
"AlarmNames": [],
"Enable": false,
"Rollback": false
},
"MaximumPercent": 200,
"MinimumHealthyPercent": 50
},
"EnableECSManagedTags": false,
"HealthCheckGracePeriodSeconds": 60,
"LoadBalancers": [
{
"ContainerName": "proxy",
"ContainerPort": 8088,
"TargetGroupArn": {
"Ref": "IngestionServerclickstreamingestionservicealbListenerECSGroup46B223E2"
}
}
],
"NetworkConfiguration": {
"AwsvpcConfiguration": {
"AssignPublicIp": "DISABLED",
"SecurityGroups": [
{
"Fn::GetAtt": [
"ECSEgressToAWSServiceSGB2867C11",
"GroupId"
]
}
],
"Subnets": {
"Fn::Split": [
",",
{
"Ref": "referencetoMyTestPrivateSubnetIds3D2B0A75Ref"
}
]
}
}
},
"PropagateTags": "SERVICE",
"SchedulingStrategy": "REPLICA",
"TaskDefinition": {
"Ref": "IngestionServerclickstreamingestionserviceecstaskdef5E69A80A"
}
},
"DependsOn": [
"IngestionServerclickstreamingestionservicealbListenerECSGroup46B223E2",
"IngestionServerclickstreamingestionservicealbListenerC75A1082",
"IngestionServerclickstreamingestionserviceecscluster2CD9C6F5",
"IngestionServerclickstreamingestionserviceecstaskdefTaskRoleDefaultPolicy1D6452DB",
"IngestionServerclickstreamingestionserviceecstaskdefTaskRole3FCE5FCB"
],
"Metadata": {
"aws:cdk:path": "MyTest/IngestionServerC0000/IngestionServer/clickstream-ingestion-service-ecs-service/Service"
}
},

@kddejong
Copy link
Contributor

Thank you this release should have this resolved https://github.com/aws-cloudformation/cfn-lint/releases/tag/v1.9.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dengmingtong @kddejong